feat(fs): optimize scanning performance by direct file access for known paths #8525
+334
−28
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…nalysis This change introduces a new StaticPathAnalyzer interface to improve file analysis performance by allowing analyzers to specify static file paths. Key modifications include: - Added StaticPathAnalyzer interface in analyzer package - Implemented StaticPaths() method for various OS, package, and repository analyzers - Updated local filesystem artifact analysis to use static paths when possible - Refactored file analysis logic to support both static path and traversal-based approaches - Added new methods in Artifact to handle different analysis strategies The new approach can potentially reduce filesystem traversal overhead by directly targeting known file locations for analysis.
This commit adds comprehensive tests for the recently introduced StaticPathAnalyzer interface and analysis strategies: - Implemented TestArtifact_AnalysisStrategy to verify different file analysis approaches - Added TestAnalyzerGroup_StaticPaths to validate static path extraction - Created a recordingWalker to track and verify file system traversal - Tested scenarios with disabled analyzers and static path detection - Ensured proper handling of file system analysis strategies
This change updates the import for UUID generation, replacing the external google/uuid package with a local custom UUID package. The modification ensures consistent UUID handling within the project and reduces external dependencies. Key changes: - Removed import of github.com/google/uuid - Added import of github.com/aquasecurity/trivy/pkg/uuid
This change modifies the TestArtifact_AnalysisStrategy test to use t.Context() instead of context.Background() when calling the Inspect method. This ensures better test context management and aligns with best practices for test-specific context handling.
knqyf263
changed the title
This change removes an unnecessary fmt.Println() debug statement in the StaticPaths method of the AnalyzerGroup. The print statement was likely used for temporary debugging and is no longer needed, helping to clean up the code and remove potential noise in the output.
This change updates the recordingWalker to use filepath.ToSlash() when recording walked roots, ensuring consistent path representation across different operating systems during testing. The modification helps maintain reliable and platform-independent file path tracking in filesystem-related tests. Key changes: - Convert walked root paths to forward slashes using filepath.ToSlash() - Improve test reliability for file system traversal
This change adds the missing closing brace `}` to the `TestAnalyzerGroup_StaticPaths` function in the filesystem test file, ensuring proper test method syntax and compilation.
This change enhances the TestAnalyzerGroup_StaticPaths test in fs_test.go by: - Adding a test case to verify behavior when all analyzers are disabled - Ensuring proper handling of static path analysis with different analyzer configurations - Improving test coverage for the StaticPathAnalyzer interface
This change enhances the rootfs documentation by: - Explaining default file traversal behavior - Demonstrating how to optimize scanning performance - Providing an example of scanning only OS packages - Highlighting scenarios where full traversal is necessary - Suggesting the use of --skip-dirs option for performance tuning
|
@DmitriyLewen Updated the document |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Overview
When scanning hosts with a large number of files, traversing the entire filesystem can be time-consuming and resource-intensive. This PR introduces an optimization that allows Trivy to directly access files with known absolute paths without traversing the filesystem.
Implementation Details
StaticPathAnalyzerinterface that allows analyzers to declare specific file paths they need to analyzeStaticPathAnalyzerinterfaceBenefits
This optimization is particularly beneficial for CI/CD pipelines and environments with large codebases or numerous system files.
Issues
Close #8481
Checklist